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CLAIMS 



What is claimed is: 

5 LA method for controlling subscriber access in a network capable of establishing 
connections with a plurality of services, comprising: 

receiving a communication from a subscriber using a first communication network 
coupled to a second conamunication network, said communication optionally 
including a domain identifier associated with a service on said second 
10 communication network; and 



authorizing said subscriber to access a service on said second communication 

network using one of a plurality of virtual circuits, said authorizing based upon a 
domain configuration override attribute associated with the virtual circuit used to 
receive said communication from said subscriber. 



2. The method of claim 1 wherein said authorizing further comprises: 

receiving from a memory a virtual circuit profile associated with said virtual circuit; 
assessing said virtual circuit profile to determine if a domain configuration override 
attribute exists within said virtual circuit profile; and 



15 



20 



allowing said subscriber to connect exclusively to a service associated with said 



domain configuration override attribute when said domain configuration override 



attribute exists within said virtual circuit profile. 
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3. The method of claim 2, further comprising: 

causing the subscriber to disconnect from all then existing network connections when 
said domain configuration override attribute exists within said virtual circuit 
5 profile and when said domain identifier in said conmiunication does not match 

said service associated with said domain configuration override attribute. 

4. The method of claim 2 wherein said service request comprises a Point-to-Point 
Protocol (PPP) session service request. 

10 

5. The method of claim 4 wherein 

said PPP session comprises a tunneling session; and 
said allowing further comprises assigning a tunnel E). 

15 6. The method of claim 5 wherein said tunneling session comprises an L2TP session. 

7. The method of claim 6 wherein said receiving a virtual circuit profile further 
comprises performing a table lookup based upon a Virtual Path Identifier (VPI) / 
Virtual Channel Identifier (VCI) associated with said virtual circuit. 

20 

8. A program storage device readable by a machine, embodying a program of 
instructions executable by the machine to perform a method to control subscriber 
access in a network capable of establishing connections with a plurality of services, 
the method comprising: 

25 receiving a communication from a subscriber using a first communication network 

coupled to a second communication network, said conmiunication optionally 
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including a domain identifier associated with a service on said second 
communication network; and 
authorizing said subscriber to access a service on said second communication 
5 network using one of a pluraUty of virtual circuits, said authorizing based upon a 

domain configuration override attribute associated with the virtual circuit used to 
receive said communication from said subscriber. 

9. The program storage device of claim 8 wherein said authorizing further comprises: 
10 receiving from a memory a virtual circuit profile associated with said virtual circuit; 

assessing said virtual circuit profile to determine if a domain configuration override 

attribute exists within said virtual circuit profile; and 
allowing said subscriber to connect exclusively to a service associated with said 

domain configuration override attribute when said domain configuration override 
15 attribute exists within said virtual circuit profile. 

10. The program storage device of claim 9, further comprising: 

causing the subscriber to disconnect from all then existing network connections when 
said domain configuration override attribute exists within said virtual circuit 
20 profile and when said domain identifier in said communication does not match 

said service associated with said domain configuration override attribute. 

1 1 . The program storage device of claim 9 wherein said service request comprises a 
Point-to-Point Protocol (PPP) session service request. 

25 
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12. The program storage device of claim 1 1 wherein 
said PPP session comprises a tunneling session; and 
said allowing further comprises assigning a tunnel ID. 

5 

13. The program storage device of claim 12 wherein said tunneling session comprises an 
L2TP session. 

14. The program storage device of claim 13 wherein said receiving a virtual circuit 
10 profile further comprises performing a table lookup based upon a Virtual Path 

Identifier (VPI) / Virtual Channel Identifier (VCI) associated with said virtual circuit. 

15. An apparatus for controlling subscriber access in a network capable of establishing 
connections with a plurality of services, the apparatus comprising: 

15 means for receiving a conmiunication from a subscriber using a first communication 

network coupled to a second communication network, said communication 
optionally including a domain identifier associated with a service on said second 
conmiunication network; and 
means for authorizing said subscriber to access a service on said second 

20 communication network using one of a plurality of virtual circuits, said 

authorizing based upon a domain configuration override attribute associated with 
the virtual circuit used to receive said communication from said subscriber. 
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16. The apparatus of claim 15 wherein said means for authorizing further comprises: 
means for receiving from a memory a virtual circuit profile associated with said 

virtual circuit; 

5 means for assessing said virtual circuit profile to determine if a domain configuration 
override attribute exists within said virtual circuit profile; and 
means for allowing said subscriber to connect exclusively to a service associated with 
said domain configuration override attribute when said domain configuration 
override attribute exists within said virtual circuit profile. 

10 

17. The apparatus of claim 16, further comprising: 

means for causing the subscriber to disconnect from all then existing network 

connections when said domain configuration override attribute exists within said 
virtual circuit profile and when said domain identifier in said communication 
15 does not match said service associated with said domain configuration override 

attribute. 

18. The apparatus of claim 16 wherein said service request comprises a Point-to-Point 
Protocol (PPP) session service request. 

20 

19. The apparatus of claim 18 wherein 

said PPP session comprises a tunneling session; and 

said means for allowing further comprises assigning a tunnel ID. 
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20. The apparatus of claim 19 wherein said tunneling session comprises an L2TP session. 

21. The apparatus of claim 20 wherein said means for receiving a virtual circuit profile 
5 further comprises a means for performing a table lookup based upon a Virtual Path 

Identifier (VPI) / Virtual Channel Identifier (VCI) associated with said virtual circuit. 

22. An access server capable of forcing subscribers of a communications system to gain 
access exclusively to a domain network associated with a virtual circuit, said access 

10 server comprising: 

an authorizer capable of granting service authorization to said subscribers based 

upon a virtual circuit used to make a service request; 
a virtual circuit profile request generator capable of generating virtual circuit 

profile requests; 

15 an assessor capable of assessing said requested virtual circuit profile for a domain 

configuration override attribute; and 
a calculator capable of determining whether the service associated with said 

virtual circuit matches the service associated with said domain configuration 
override attribute. 

20 

23. The access server of claim 22, further comprising: 

a receiving interface capable of accepting said service requests; 
a forwarding interface capable of sending said virtual circuit profile requests to a 
memory bank; and 

25 a second receiving interface capable of accepting requested virtual circuit profiles. 
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24. The access server of claim 22 wherein said service request comprises a Point-to-Point 
Protocol (PPP) session service request. 

5 25. The access server of claim 23 wherein 

said PPP session comprises a tunneling session; and 
said calculator is capable of assigning a tunnel ID. 

26. The access server of claim 24 wherein said tunneling session comprises an L2TP 
10 session. 

27. The access server of claim 25 wherein said assessor is capable of performing a table 
lookup based upon a Virtual Path Identifier (VPI) / Virtual Channel Identifier (VCI) 
associated with said virtual circuit. 

15 

28. The access server of claim 26 wherein said receiving interface comprises at least one 
access multiplexer, each access multiplexer having a plurality of inputs for receiving 
a service request, each of said inputs being associated with a particular subscriber 
virtual circuit. 

20 

29. The access server of claim 23 wherein said memory bank and said access server 
communicate using the Remote Authorization Dial-In User Service (RADIUS) 
protocol. 
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30. An access server capable of forcing subscribers of a communications system to gain 
access exclusively to a domain network associated with a virtual circuit, said access 
server comprising: 

5 a memory device capable of storing a plurality of virtual circuit profiles, said virtual 

circuit profiles capable of having a domain configuration override attribute 
associated with subscriber authorized services; 
an authorizer capable of granting service authorization to said subscribers based upon 
a virtual circuit used to make a service request; 
10 a virtual circuit profile request generator capable of generating virtual circuit profile 

requests; 

an assessor capable of assessing said requested virtual circuit profile for a domain 

configuration override attribute; and 
a calculator capable of determining whether the service associated with said virtual 
15 circuit matches the service associated with said domain configuration override 

attribute. 

31. The access server of claim 29, further comprising: 

20 a receiving interface capable of accepting said service requests; 

a forwarding interface capable of sending said virtual circuit profile requests to a 
memory bank; and 

a second receiving interface capable of accepting requested virtual circuit profiles. 
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32. The access server of claim 29 wherein said service request comprises a Point-to-Point 
Protocol (PPP) session service request. 

5 33. The access server of claim 29 wherein 

said PPP session comprises a tunneling session; and 
said calculator is capable of assigning a tunnel ED. 

34. The access server of claim 32 wherein said tunneling session comprises an L2TP 
10 session. 

35. The access server of claim 33 wherein said assessor is capable of performing a table 



36. The access server of claim 34 wherein said receiving interface comprises at least one 
access multiplexer, each access multiplexer having a plurality of inputs for receiving 
a service request, each of said inputs being associated with a particular subscriber 
virtual circuit. 



lookup based upon a Virtual Path Identifier (VPI) / Virtual Channel Identifier (VCI) 



associated with said virtual circuit. 
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